On Tue, 05 Sep 2006 22:21:55 -0400, Leonard Jacobs wrote:

>Well I wish it were this easy, or perhaps I am still missing something.
>I added AllowUsers username in the sshd_config file and changed the
>drive to read/write and here's the results:
>
>[EMAIL PROTECTED]:~# mount -o rw /dev/wd0a /
>[EMAIL PROTECTED]:~# ssh -p 222 [EMAIL PROTECTED]
>[EMAIL PROTECTED]'s password:
>Permission denied, please try again.
>[EMAIL PROTECTED]'s password:
>Permission denied, please try again.
>[EMAIL PROTECTED]'s password:
>Permission denied (publickey,password,keyboard-interactive).
>
>Sep 5 18:31:23 shakti-taos sshd[10335]: Failed none for invalid user lj
>from ::1 port 15320 ssh2
>Sep 5 18:31:26 shakti-taos sshd[10335]: Failed password for invalid
>user lj from ::1 port 15320 ssh2
>Sep 5 18:31:31 shakti-taos last message repeated 2 times
>
>Of course I would love to disallow Root logins but will await the
>resolution of allowing regular users to connect via ssh first.
>
>Any suggestions would be greatly appreciated.
>
>
>Thordur I. Bjornsson wrote:
>> Leonard Jacobs <[EMAIL PROTECTED]> wrote on Mon 4.Sep'06 at 22:22:30 -0400
>>
>>> I've configured a Soekris running OpenBSD 3.9 & pf as a firewall, with a
>>> read only CF. I am using the default sshd_config file except to run
>>> sshd on port 222.
>> /dev mounted read only ?
>>
>> If so, then that's your problem. Load it as an mfs on boot. (image + vnd
>> ? maybe or sth....)
>>> My problem is that I cannot connect remotely to this box via ssh except
>>> as root. When a legit user who has an account on that box attempts
>>> connection, I get " Failed password for invalid user lj from
>>> 192.168.1.13 port 10962 ssh2". Is there anything obvious that you can
>>> suggest that might be causing this problem? I did try changing the file
>>> system to read/write, but it did not resolve the problem.
>>>
>>> Thanks.
>
What does

# su lj

result in?

and, have you tried -vvv in the ssh invocation? It won't tell you
anything that would allow you to find out whether a user is in the
passwd file or such but it might just add some light.

From the land "down under": Australia.
Do we look <umop apisdn> from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
Your IP address will also be greytrapped for 24 hours after any attempt.
I am continually amazed by the people who run OpenBSD who don't take this
advice. I always expected a smarter class. I guess not.
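Added example, not part of the thread or either poster's code: a small Python parser for the sshd failure lines quoted above. It separates "invalid user" failures (sshd did not accept the login name as a valid account) from plain wrong-password failures, and expands syslogd's "last message repeated N times" line so the count matches the three password prompts in the session. The `alice` line, its address and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed input: the three syslog lines quoted in the thread (mail
# line-wrapping undone) plus one made-up line for a hypothetical account
# "alice" that exists but was given a wrong password.
SAMPLE_LOG = """\
Sep 5 18:31:23 shakti-taos sshd[10335]: Failed none for invalid user lj from ::1 port 15320 ssh2
Sep 5 18:31:26 shakti-taos sshd[10335]: Failed password for invalid user lj from ::1 port 15320 ssh2
Sep 5 18:31:31 shakti-taos last message repeated 2 times
Sep 5 18:40:02 shakti-taos sshd[10412]: Failed password for alice from 192.0.2.10 port 40022 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)
REPEAT = re.compile(r"last message repeated (?P<n>\d+) times?$")

def summarize(log_text):
    """Count failures per (user, source, method, account_accepted)."""
    counts = Counter()
    last_key = None  # key of the line a following "repeated" line refers to
    for line in log_text.splitlines():
        m = FAILED.search(line)
        r = REPEAT.search(line)
        if m:
            # "invalid user" absent means sshd accepted the account name
            last_key = (m["user"], m["src"], m["method"], m["invalid"] is None)
            counts[last_key] += 1
        elif r:
            # syslogd collapsed N identical copies of the previous line
            if last_key is not None:
                counts[last_key] += int(r["n"])
        else:
            last_key = None  # unrelated line: a later repeat is not ours
    return counts

def rejected_accounts(counts):
    """Login names sshd rejected as accounts (not merely wrong passwords)."""
    return sorted({user for (user, _src, _method, ok) in counts if not ok})

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for key, n in sorted(result.items()):
        print(n, key)
    print("rejected as accounts:", rejected_accounts(result))
```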